Ce denier est compatible SSLv3.
SSLv3 est obsolète car il comporte une faille archi connu (poodle).
Savez-vous comment désactiver cette fonction SSLv3 dans domoticz ?
L'outil d'analyse de faille remonte pleins d'alertes :
Code : Tout sélectionner
OS Vulnerability Title Vulnerability Category Severity Business Impact Risk Port Protocol QID CVE ID CVSS Vendor Reference Threat Impact Solution Results
Ubuntu / Linux 3.x SSLv3 Padding Oracle Attack Information Disclosure Vulnerability (POODLE) General remote services 3 4 Medium-7 443 tcp 38603 CVE-2014-3566 3,7 POODLE "The SSL protocol 3.0 design error, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attacks.
The target supports SSLv3, which makes it vulnerable to POODLE (Padding Oracle On Downgraded Legacy Encryption), even if it also supports more recent versions of TLS. It's subject to a downgrade attack, in which the attacker tricks the browser into connecting with SSLv3." An attacker who can take a man-in-the-middle (MitM) position can exploit this vulnerability and gain access to encrypted communication between a client and server. "Disable SSLv3 support to avoid this vulnerability.
Examples to disable SSLv3.
nginx: list specific allowed protocols in the ""ssl_protocols"" line. Make sure SSLv2 and SSLv3 is not listed. For example: ssl_protocols TLSv2 TLSv1.1 TLSv1.2;
Apache: Add -SSLv3 to the ""SSLProtocol"" line.
How to disable SSL 3.0 on Microsoft IIS (https://support.microsoft.com/kb/187498/en-us).
"
Ubuntu / Linux 3.x SSL Server Has SSLv3 Enabled Vulnerability General remote services 3 4 Medium-7 443 tcp 38606 3,6 "SSL 3.0 is an obsolete and insecure protocol.
Encryption in SSL 3.0 uses either the RC4 stream cipher, or a block cipher in CBC mode.
RC4 is known to have biases, and the block cipher in CBC mode is vulnerable to the POODLE attack.
The SSLv3 protocol is insecure due to the POODLE attack and the weakness of RC4 cipher.
Note: In April 2015, PCI released PCI DSS v3.1 (https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf)announcing that NIST no longer considers Secure Socket Layers (SSL) v3.0 protocol as acceptable for protecting data and that all versions of SSL versions do not meet the PCI definition of ""strong cryptography."" " An attacker can exploit this vulnerability to read secure communications or maliciously modify messages. "Disable the SSL 3.0 protocol in the client and in the server, refer to
How to disable SSLv3 : Disable SSLv3 (http://disablessl3.com/)" SSLv3 is supported#
Ubuntu / Linux 3.x SSL/TLS use of weak RC4 cipher General remote services 3 4 Medium-7 443 tcp 38601 CVE-2013-2566, CVE-2015-2808 3,7 "Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS ) protocols provide integrity, confidentiality and authenticity services to other protocols that lack these features.
SSL/TLS protocols use ciphers such as AES,DES, 3DES and RC4 to encrypt the content of the higher layer protocols and thus provide the confidentiality service. Normally the output of an encryption process is a sequence of random looking bytes. It was known that RC4 output has some bias in the output. Recently a group of researches has discovered that the there is a stronger bias in RC4, which make statistical analysis of ciphertext more practical.
The described attack is to inject a malicious javascript into the victim's browser that would ensure that there are multiple connections being established with a target website and the same HTTP cookie is sent multiple times to the website in encrypted form. This provides the attacker a large set of ciphertext samples, that can be used for statistical analysis.
NOTE: On 3/12/15 NVD changed the CVSS v2 access complicity from high to medium. As a result Qualys revised the CVSS score to 4.3 immediately. On 5/4/15 Qualys is also revising the severity to level 3." "If this attack is carried out and an HTTP cookie is recovered, then the attacker can then use the cookie to impersonate the user whose cookie was recovered.
This attack is not very practical as it requires the attacker to have access to millions of samples of ciphertext, but there are certain assumptions that an attacker can make to improve the chances of recovering the cleartext from cihpertext. For examples HTTP cookies are either base64 encoded or hex digits. This information can help the attacker in their efforts to recover the cookie." RC4 should not be used where possible. One reason that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode ciphers in SSL and TLS. However, TLSv 1.2 or later address these issues. "CIPHER KEY-EXCHANGE AUTHENTICATION MAC ENCRYPTION(KEY-STRENGTH) GRADE
SSLv3 WITH RC4 CIPHERs IS SUPPORTED
RC4-MD5 RSA RSA MD5 RC4(128) MEDIUM
RC4-SHA RSA RSA SHA1 RC4(128) MEDIUM
TLSv1 WITH RC4 CIPHERs IS SUPPORTED
RC4-MD5 RSA RSA MD5 RC4(128) MEDIUM
RC4-SHA RSA RSA SHA1 RC4(128) MEDIUM
TLSv1.1 WITH RC4 CIPHERs IS SUPPORTED
RC4-MD5 RSA RSA MD5 RC4(128) MEDIUM
RC4-SHA RSA RSA SHA1 RC4(128) MEDIUM
TLSv1.2 WITH RC4 CIPHERs IS SUPPORTED
RC4-MD5 RSA RSA MD5 RC4(128) MEDIUM
RC4-SHA RSA RSA SHA1 RC4(128) MEDIUM#"
Ubuntu / Linux 3.x SSL Server Supports Weak Encryption Vulnerability General remote services 3 4 Medium-7 443 tcp 38140 7,7 "The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.
SSL encryption ciphers are classified based on encryption key length as follows:
HIGH - key length larger than 128 bits
MEDIUM - key length equal to 128 bits
LOW - key length smaller than 128 bits
Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security.
The following link provides more information about this vulnerability:
Analysis of the SSL 3.0 protocol (http://www.schneier.com/paper-ssl-revised.pdf)
Please note that this detection only checks for weak cipher support at the SSL layer. Some servers may implement additional protection at the data layer. For example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further communication on the secure channel. This vulnerability may not be exploitable for such configurations." An attacker can exploit this vulnerability to decrypt secure communications without authorization. "Disable support for LOW encryption ciphers.
Apache
If TLSv1.1 or TLSv1.2 are available, then those protocols should be used.
SSLProtocol TLSv1.1 TLSv1.2
If TLSv1.1 and TLSv1.2 are not available then only TLS1.0 should be used:
SSLProtocol TLSv1
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):
SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
Tomcat
sslProtocol=""SSLv3""
ciphers=""SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_W
ITH_3DES_EDE_CBC_SHA""
IIS
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll (http://support.microsoft.com/default.aspx?scid=kb;EN-US;245030) (Windows restart required)
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services (http://support.microsoft.com/default.aspx?scid=kb;en-us;187498) (Windows restart required)
Security Guidance for IIS (http://www.microsoft.com/technet/security/prodtech/IIS.mspx)
For Novell Netware 6.5 please refer to the following document
SSL Allows the use of Weak Ciphers. -TID10100633 (http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm)" "CIPHER KEY-EXCHANGE AUTHENTICATION MAC ENCRYPTION(KEY-STRENGTH) GRADE
SSLv3 WEAK CIPHERS
DES-CBC-SHA RSA RSA SHA1 DES(56) LOW
EDH-RSA-DES-CBC-SHA DH RSA SHA1 DES(56) LOW
TLSv1 WEAK CIPHERS
DES-CBC-SHA RSA RSA SHA1 DES(56) LOW
EDH-RSA-DES-CBC-SHA DH RSA SHA1 DES(56) LOW
TLSv1.1 WEAK CIPHERS
DES-CBC-SHA RSA RSA SHA1 DES(56) LOW
EDH-RSA-DES-CBC-SHA DH RSA SHA1 DES(56) LOW
TLSv1.2 WEAK CIPHERS
DES-CBC-SHA RSA RSA SHA1 DES(56) LOW
EDH-RSA-DES-CBC-SHA DH RSA SHA1 DES(56) LOW#"
Ubuntu / Linux 3.x SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Server Side Vulnerability (BEAST) General remote services 3 4 Medium-7 443 tcp 42366 CVE-2011-3389 3,5 "SSLv 3.0 and TLS v1.0 protocols are used to provide integrity, authenticity and privacy to other protocols such as HTTP and LDAP. They provide these services by using encryption for privacy, x509 certificates for authenticity and one-way hash functions for integrity. To encrypt data SSL and TLS can use block ciphers, which are encryption algorithms that can encrypt only a fixed block of original data to an encrypted block of the same size. Note that these ciphers will always obtain the same resulting block for the same original block of data. To achieve difference in the output the output of encryption is XORed with yet another block of the same size referred to as initialization vectors (IV). A special mode of operation for block ciphers known as CBC (cipher block chaining) uses one IV for the initial block and the result of the previous block for each subsequent block to obtain difference in the output of block cipher encryption.
In SSLv3.0 and TLSv1.0 implementation the choice CBC mode usage was poor because the entire traffic shares one CBC session with single set of initial IVs. The rest of the IV are as mentioned above results of the encryption of the previous blocks. The subsequent IV are available to the eavesdroppers. This allows an attacker with the capability to inject arbitrary traffic into the plain-text stream (to be encrypted by the client) to verify their guess of the plain-text preceding the injected block. If the attackers guess is correct then the output of the encryption will be the same for two blocks.
For low entropy data it is possible to guess the plain-text block with relatively few number of attempts. For example for data that has 1000 possibilities the number of attempts can be 500.
For more information please see a paper by Gregory V. Bard. (http://eprint.iacr.org/2006/136.pdf)
NOTE:
The CVSS access complexity assigned by NIST to CVE-2011-3389 is 'Medium' which makes the base score 4.3. But Qualys has assigned access complexity to 'High' for server side, because Javascipt injection and MiTM capabilities and a vulnerable client are required to exploit this vulnerability. Therefore the Qualys CVSS score is 2.6." Recently attacks against the web authentication cookies have been described which used this vulnerability. If the authentication cookie is guessed by the attacker then the attacker can impersonate the legitimate user on the Web site which accepts the authentication cookie. "This attack was identified in 2004 and later revisions of TLS protocol which contain a fix for this. If possible, upgrade to TLSv1.1 or TLSv1.2. If upgrading to TLSv1.1 or TLSv1.2 is not possible, then disabling CBC mode ciphers will remove the vulnerability.
Setting your SSL server to prioritize RC4 ciphers mitigates this vulnerability. Microsoft has posted information including workarounds for IIS at KB2588513 (http://technet.microsoft.com/en-us/security/advisory/2588513).
Using the following SSL configuration in Apache mitigates this vulnerability:
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
Qualys SSL/TLS Deployment Best Practices can be found here (https://www.ssllabs.com/projects/best-practices/).
Note: RC4 recommendation is only in situations where upgrade to TLSv1.2 is not possible. RC4 in TLS v1.0 has output bias problem as described in QID 38601. Therefore it is recommended to upgrade to TLS v1.2 or later." "Available non CBC cipher Server's choice SSL version
RC4-SHA EDH-RSA-DES-CBC3-SHA SSLv3
RC4-SHA EDH-RSA-DES-CBC3-SHA TLSv1#"
Ubuntu / Linux 3.x Web Server Stopped Responding Web server 3 4 Medium-7 443 tcp 86476 4,8 The Web server stopped responding to 3 consecutive connection attempts and/or more than 3 consecutive HTTP requests. Consequently, the service aborted testing for HTTP vulnerabilities. The vulnerabilities already detected are still posted. The service was unable to complete testing for HTTP vulnerabilities since the Web server stopped responding. "Check the Web server status.
If the Web server was crashed during the scan, please restart the server, report the incident to Customer Support and stop scanning the Web server until the issue is resolved.
If the Web server is unable to process multiple concurrent HTTP requests, please lower the scan harshness level and launch another scan. If this vulnerability continues to be reported, please contact Customer Support." "The web server did not respond for 4 consecutive HTTP requests.
After these, the service was still unable to connect to the web server 2 minutes later.#"
Ubuntu / Linux 3.x Web Server Stopped Responding Web server 3 4 Medium-7 8080 tcp 86476 4,8 The Web server stopped responding to 3 consecutive connection attempts and/or more than 3 consecutive HTTP requests. Consequently, the service aborted testing for HTTP vulnerabilities. The vulnerabilities already detected are still posted. The service was unable to complete testing for HTTP vulnerabilities since the Web server stopped responding. "Check the Web server status.
If the Web server was crashed during the scan, please restart the server, report the incident to Customer Support and stop scanning the Web server until the issue is resolved.
If the Web server is unable to process multiple concurrent HTTP requests, please lower the scan harshness level and launch another scan. If this vulnerability continues to be reported, please contact Customer Support." "The web server did not respond for 4 consecutive HTTP requests.
After these, the service was still unable to connect to the web server 2 minutes later.#"
Ubuntu / Linux 3.x SSL Certificate - Self-Signed Certificate General remote services 2 4 Medium-6 443 tcp 38169 6,8 "An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection.
The client can trust that the Server Certificate belongs the server only if it is signed by a mutually trusted third-party Certificate Authority (CA). Self-signed certificates are created generally for testing purposes or to avoid paying third-party CAs. These should not be used on any production or critical servers.
By exploiting this vulnerability, an attacker can impersonate the server by presenting a fake self-signed certificate. If the client knows that the server does not have a trusted certificate, it will accept this spoofed certificate and communicate with the remote server." By exploiting this vulnerability, an attacker can launch a man-in-the-middle attack. Please install a server certificate signed by a trusted third-party Certificate Authority. Certificate #0 emailAddress=your@email.com,OU=Unit51,CN=*.domoticz.com,L=Domoticz,O=Domoticz,ST=MyState,C=NL is a self signed certificate.#
Ubuntu / Linux 3.x SSL Certificate - Subject Common Name Does Not Match Server FQDN General remote services 2 4 Medium-6 443 tcp 38170 2,1 "An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection.
A certificate whose Subject commonName or subjectAltName does not match the server FQDN offers only encryption without authentication.
Please note that a false positive reporting of this vulnerability is possible in the following case:
If the common name of the certificate uses a wildcard such as *.somedomainname.com and the reverse DNS resolution of the target IP is not configured. In this case there is no way for Qualys to associate the wildcard common name to the IP. Adding a reverse DNS lookup entry to the target IP will solve this problem.
" A man-in-the-middle attacker can exploit this vulnerability in tandem with a DNS cache poisoning attack to lure the client to another server, and then steal all the encryption communication. Please install a server certificate whose Subject commonName or subjectAltName matches the server FQDN. Certificate #0 emailAddress=your@email.com,OU=Unit51,CN=*.domoticz.com,L=Domoticz,O=Domoticz,ST=MyState,C=NL (*.domoticz.com) doesn't resolve#
Ubuntu / Linux 3.x SSL Certificate - Signature Verification Failed Vulnerability General remote services 2 4 Medium-6 443 tcp 38173 6,8 "An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection. The authentication is done by verifying that the public key in the certificate is signed by a trusted third-party Certificate Authority.
If a client is unable to verify the certificate, it can abort communication or prompt the user to continue the communication without authentication." "By exploiting this vulnerability, man-in-the-middle attacks in tandem with DNS cache poisoning can occur.
Exception:
If the server communicates only with a restricted set of clients who have the server certificate or the trusted CA certificate, then the server or CA certificate may not be available publicly, and the scan will be unable to verify the signature." Please install a server certificate signed by a trusted third-party Certificate Authority. Certificate #0 emailAddress=your@email.com,OU=Unit51,CN=*.domoticz.com,L=Domoticz,O=Domoticz,ST=MyState,C=NL self signed certificate#